A cloud storage user can install and use third-party applications. Some applications benefit from accessing content created outside of the application. For example, a photo editor application may not create content, but the photo editor application can access some existing image content to enhance, crop, and perform other modifications to the content. However, a user may not trust a third-party application to access all of their content. For example, a user can configure different access permission to folders or contents such that third-party applications may not have access to private and confidential content, but the third-party application may be able to access public content, e.g., a user can allow a third-party drive application to edit the photos in a public folder on the user's cloud storage.
To open all the photos with the third-party application, when the user has all images in a single directory named “Photos,” the user usually browses and opens all the images from within the image viewing application by first performing an “open” operation in the cloud storage User Interface (UI) on each and every image to make the image accessible to the application. Similarly, when the user puts media files in an album folder, the user cannot open the album folder in a music player application and play all the songs in it, or a zip creator application cannot zip up the contents of a folder unless the user explicitly opens each and every file beforehand.
Existing mechanisms to manage sharable storage for limiting third-party application access to user content do not allow a user to configure specific access control to folders or contents. In that case, users may grant overly-broad access to applications or have to grant access to each file one-by-one in a tedious manner. For example, applications may be granted access to read all files of a particular type, which may be too narrow or too broad access. In another example, to configure access control for a particular application, the content usually has to be stored in a location private to the application, making it inaccessible to other applications. For example, some wire framing applications may store multiple types of files in a project organized in specific folders such that other applications cannot access. Some of the files are common file types (such as images) which other applications may be able to support. The user can grant the wire framing application access only to certain project folders, and prevent another application from having access to the content the images wire framing application uses because they would reside in a folder private to the particular wire framing application. In another example, some file transfer and storage applications may allow third-party applications to access a single folder owned by the application itself, or to have access to all files of a specific type on the cloud drive. Such access configuration, however, grants all-or-nothing access authorization to a certain folder or a certain file type on a user's storage drive associated with the respective file transfer and storage application itself, but does not allow restricting certain file types of a particular folder. For another example, some file storage applications only allow access to all of a user's content or all of an enterprise's content stored on an online drive associated with the file storage application, without specific configuration to grant an application access to a subset of specific content on the user's content on the online drive.